1 /* 2 * Copyright (c) 1997 - 2002 Kungliga Tekniska H�gskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * 3. Neither the name of the Institute nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 #include <krb5_locl.h> 35 36 RCSID("$Id: build_auth.c,v 1.38 2002/09/04 16:26:04 joda Exp $"); 37 38 krb5_error_code 39 krb5_build_authenticator (krb5_context context, 40 krb5_auth_context auth_context, 41 krb5_enctype enctype, 42 krb5_creds *cred, 43 Checksum *cksum, 44 Authenticator **auth_result, 45 krb5_data *result, 46 krb5_key_usage usage) 47 { 48 Authenticator *auth; 49 u_char *buf = NULL; 50 size_t buf_size; 51 size_t len; 52 krb5_error_code ret; 53 krb5_crypto crypto; 54 55 auth = malloc(sizeof(*auth)); 56 if (auth == NULL) { 57 krb5_set_error_string(context, "malloc: out of memory"); 58 return ENOMEM; 59 } 60 61 memset (auth, 0, sizeof(*auth)); 62 auth->authenticator_vno = 5; 63 copy_Realm(&cred->client->realm, &auth->crealm); 64 copy_PrincipalName(&cred->client->name, &auth->cname); 65 66 { 67 int32_t sec, usec; 68 69 krb5_us_timeofday (context, &sec, &usec); 70 auth->ctime = sec; 71 auth->cusec = usec; 72 } 73 ret = krb5_auth_con_getlocalsubkey(context, auth_context, &auth->subkey); 74 if(ret) 75 goto fail; 76 77 if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) { 78 krb5_generate_seq_number (context, 79 &cred->session, 80 &auth_context->local_seqnumber); 81 ALLOC(auth->seq_number, 1); 82 *auth->seq_number = auth_context->local_seqnumber; 83 } else 84 auth->seq_number = NULL; 85 auth->authorization_data = NULL; 86 auth->cksum = cksum; 87 88 /* XXX - Copy more to auth_context? */ 89 90 if (auth_context) { 91 auth_context->authenticator->ctime = auth->ctime; 92 auth_context->authenticator->cusec = auth->cusec; 93 } 94 95 ASN1_MALLOC_ENCODE(Authenticator, buf, buf_size, auth, &len, ret); 96 97 if (ret) 98 goto fail; 99 100 ret = krb5_crypto_init(context, &cred->session, enctype, &crypto); 101 if (ret) 102 goto fail; 103 ret = krb5_encrypt (context, 104 crypto, 105 usage /* KRB5_KU_AP_REQ_AUTH */, 106 buf + buf_size - len, 107 len, 108 result); 109 krb5_crypto_destroy(context, crypto); 110 111 if (ret) 112 goto fail; 113 114 free (buf); 115 116 if (auth_result) 117 *auth_result = auth; 118 else { 119 /* Don't free the `cksum', it's allocated by the caller */ 120 auth->cksum = NULL; 121 free_Authenticator (auth); 122 free (auth); 123 } 124 return ret; 125 fail: 126 free_Authenticator (auth); 127 free (auth); 128 free (buf); 129 return ret; 130 } 131